httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harald Heggelund <har...@norddata.no>
Subject SV: [users@httpd] Security problem in apache with forms?
Date Tue, 30 Oct 2007 13:40:05 GMT
Thanks for your reply,

Yes, this is my server's log. The point is that the IP-addresses in the log are completely
unknown to me. In fact, one of them resolves to:
   seg75-4-82-228-61-77.fbx.proxad.net [82.228.61.77]
seems suspicious to me. In some cases, the request itself is coming from the same address.

Well, anyway, if this isn't the problem, SOMEHOW spam is entering my mail queue from "localhost".
Any suggestions as to how I track down the origin?


> -----Opprinnelig melding-----
> Fra: Christian Folini [mailto:christian.folini@post.ch]
> Sendt: 30. oktober 2007 14:32
> Til: users@httpd.apache.org
> Emne: Re: [users@httpd] Security problem in apache with forms?
>
> Hey Harold,
>
> > "POST http://87.118.100.88/proxy5/check.php HTTP/1.1" 404 297
> > "POST http://82.228.61.77:49627/Chcks/Data_I.php HTTP/1.1" 404 297
>
> If this is your server's log, then it's requests coming in.
> The 404 number indicates, that the script in question has
> not been found. Somebody tried to post data (POST requests)
> to a script on your server, but the server did find the script and
> returned HTTP Status 404 "File not found" back to the client
> (=spammer?).
>
> It's rather typical to see this in a logfile of a server
> connected to the internet. But the fact, that the request contains
> more than the path is a bit unusual for me.
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message